Cybersecurity is finally becoming a top priority as executives realize that security breaches are not merely a cost of doing business – but an existential threat to their companies and careers.

According to Verizon’s 2018 Data Breach Investigations Report, there were more than 53,000 security incidents and more than 2,200 confirmed data disclosures over the 12-month reporting period. Because of insecure internet-facing web servers, much of the data compromised was sensitive and included user credentials and personally identifiable information.

Research by the Ponemon Institute says it takes companies an average of 69 days to contain a cyber attack with a total estimated cost of US$3.9 million. In addition to legal penalties, organizations can be forced to pay fines to a range of regulatory agencies and other organizations with contracts with the company.

According to CSO Online, cybercrime damages will cost the world US$6 trillion annually by 2021.

The good news is that if 2017 was the year of the hacker, 2018 was the year of the defender.

Companies are starting to make meaningful improvements in their cyber defense efforts but they still have a long way to go. For example, organizations took an average of 191 days to identify a breach in 2017, down from 201 days the previous year.

Protecting your business

The first step to be a good defender is to develop your cybersecurity strategy, which will outline how to best protect your ‘crown jewels’ – your critical digital assets and infrastructure.

Components of an effective cybersecurity strategy should include a comprehensive cyber risk assessment of your organization to identify the highest areas of risks and vulnerabilities based on several characteristics. These include your operating model, products and services, third party relationships and adoption of best practices and industry standards such as NIST (National Institute of Standards and Technology) in the U.S.

During this assessment process, you should determine how much risk your organization can accept, your mitigation strategy, the level of financial investments and other cyber risk transfer options, including managed security service providers and cyber insurance policies.

Until now, the cyber war was not a fair fight. The hackers had the upper hand. But it is now taking companies a shorter time to identify and contain breaches and the battlefield is starting to tilt in favor of the good guys.